Without rubric Apr 08, 2021

Blockchain Attacks: Eclipse Attack

The Eclipse attack is another well-known attack in the world of cryptocurrencies. It consists of isolating and cutting off the victims ‘ network connectivity by flooding them with false data about the blockchain network of which they are a part.

What is an Eclipse Attack?

The number of attacks that can be performed against the blockchain network is numerous, and among them is the Eclipse Attack. This is a type of cyberattack that aims to isolate and attack a specific user who is part of the network. All in order to be able to manipulate the data that the target receives from the network. Thus, any malicious actions can be carried out against the victim.

Surely, peer-to-peer networks (P2P) and blockchain technology are very secure, but there is no absolute security, and therefore we will tell you everything about this type of threat, as well as find out the existing means to avoid it and protect yourself.

Anatomy of a cyber threat

As we mentioned at the beginning, the Eclipse attack or information blackout attack is aimed at disconnecting the victim from the actual data flow from the network. This is so that the attacker can replace the victim’s data on the network. It sounds pretty intimidating from a security perspective, and it certainly is. But you may wonder why it is possible to conduct such an attack? Is there any way to avoid them?

First, these types of threats are possible due to the structure and limitations of the peer-to-peer communication protocol that the blockchain uses. In particular, this is due to the restriction of the number of connections and the safe selection of nodes. For example, in the Bitcoin network, the limit of outgoing connections (which you can establish with other remote nodes) is 8 connections. This means that each Bitcoin node is capable of supporting bidirectional connections to 8 nodes at the same time. The loop repeats on each node, because this behavior is part of the protocol described in Bitcoin Core.

Now this represents both an advantage and a disadvantage. On the one hand, its advantage is that due to the small number of connections, it requires little computing power and bandwidth. This opens the door for anyone from anywhere in the world to have a Bitcoin node. Thanks to this, it turns out to decentralize the network and increase security.

But restricting connections also has a drawback, namely that these connections are relatively easy to intercept. The effort required to do this depends on the security features, the process of selecting the protected node, and the size of the network. But basically all you need is a botnet under your control, and detecting IP addresses from the rest of the network nodes. So when these nodes restart their connection to the network, malicious nodes can interfere with the connection and take control of the victim.

Consequences of this type of cyberattack

The consequences of such malicious interference are diverse, and among them we can distinguish:

  • Using a Network Management connection

Once an attacker gains some control over the network, there is nothing stopping them from further strengthening that control. In fact, with each new node under control, it becomes easier and easier to expand your network presence. When you have node management, you can manipulate the locks as you see fit, and even sabotage and monitor network connections.

Eventually, an attacker may even be able to manipulate the growth of the network by changing the versions of the blockchain registry as they see fit.

  • Perform a block race

This is a highly specialized type of attack that can be performed on networks using the Proof of Work (PoW) protocol. This was pointed out back in 2015 by researchers Ethan Heilman, Alison Kendler, Aviv Zohar and Sharon Goldberg in their work “The Eclipse Attack on the Bitcoin peer-to-Peer Network”.

The explanation for the cyberattack is that if two miners discover a block at the same time, an attacker can use an eclipse attack on those miners to focus their mining efforts on the unattended blocks. This will give the attacker the opportunity to mine their own blocks. In the end, the attacker achieves that his block will be processed by the network under his control and will receive a reward.

Another possibility is to share the mining power in the network. Thus, an attacker can make it easier to launch a 51% attack to rewrite the blockchain or registry.

Finally, it also opens up the possibility of attacks by double-confirming expenses. This means that an attacker can control a certain group of miners and report from there that the transaction has received a number of confirmations. This cyber threat, for example, will allow you to trick the seller into thinking that the transaction for the service was confirmed by the network. But in reality, he will be the victim of an elaborate eclipse attack.

  • Attacks on second-level protocols

Another consequence of this type of threat is attacks on second-level protocols. That is, such protocols as Lightning Network, OmniLayer or RSK in the PTS are vulnerable. Or even created on the basis of smart contracts, such as all those that run on Ethereum, EOS or TRON.

This becomes possible because the eclipse will trick the victim into seeing the unreal state of the network. For example, the Lightning payment channel will be displayed as open to the victim, while the attacker closed the channel, taking the funds with him. In the case of smart contracts, users will see inconsistent blockchain states.

The possibility of launching new and more dangerous threat vectors

The possibility of launching new and more dangerous threat vectors

The eclipse attack is also the source of a more dangerous and far-reaching type of threat-the Erebus Attack. This attack is capable of performing a large-scale blackout on the network, which will cause it to split. As a result, anyone who performs an Erebus attack can split the network and manage it as they see fit, with the ability to perform a denial of service (DoS) attack, a 51% attack, or create a blockchain hard fork.

How can this be prevented?

These attacks have been known for a long time. In fact, they are known from the very creation of the first peer-to-peer networks. For example, according to the Kademlia protocol, it was susceptible to such attacks. However, this protocol implements a number of measures to prevent them. Some of these measures are still being implemented today with some improvements. Among these measures are the following:

  • Peer-to-peer identification system

This system ensures that the peers in the network have a unique and unique identifier. This is a way to create an ID tree that lets you know who is who on the network. In the blockchain, this is possible due to the use of asymmetric cryptography. However, this measure is not sufficient, because it is possible to run multiple nodes using the same IP address. For example, an attacker can create multiple nodes to control them and continue to apply their attack to the network.

Consequently, this measure is supplemented by the restriction of identities by IP, which prevents the use of this vector.

  • Peer selection process

Another important point to avoid Eclipse attacks is to have a reliable peer selection process for the network. For example, in Ethereum, this process uses a protocol based on Kademlia. This allows Ethereum to associate each element with a key and be stored only in those pairs whose node ID is “close” to the key associated with it. This “proximity” is defined as the binary Hamming distance between the key and the node ID.

In this way, the network ensures that there are a number of well-identified and connected nodes.

  • Monitoring incoming and outgoing connections

Another control measure used in the blockchain to avoid cyber threats is the control of incoming and outgoing connections. To do this, restrictions are set on communication with network nodes, so that in the event of an attack on a node, it can not affect most of the network. This prevents a node from having too much coverage, and an attacker will have to control multiple nodes to make a successful attack. In addition, this measure is being strengthened by decentralizing and expanding the network.

In total, these three protections are the most basic that all blockchain networks apply to their protocols. Their goal is clear: to make the eclipse attack very expensive. The use of all these defenses implies that the attacker must make a huge effort to control the network and carry out their attack. In fact, the larger the network for an attack, the more difficult it is to conduct it. Consequently, blockchain promoters are always asked to install full nodes to strengthen the network.

Is it easy to perform an information blackout?

Bitcoin and the rest of the blockchain networks are very clearly aware of the risks of Eclipse attacks on their networks. For this reason, they are always looking for mechanisms that help counteract these failures while maintaining the highest possible level of security.

How to avoid becoming a victim of the Eclipse Attack

The best way to protect yourself from this type of attack is to take into account a number of recommendations. Among them are the following:

  1. Be sure to use a payment system and wallets with a good reputation. If possible, try setting up your own node and using it to validate your transactions. In this way, you will not only help protect the network, but also create security measures to protect yourself from this type of threat.
  2. Avoid accepting payments with 0-conf or no confirmations. Remember that in this state, transactions can be manipulated in many ways, and eclipse is one of them.
  3. If you have your own node, be sure to protect it. The easiest way is to limit the number of incoming connections, with a firewall preventing these connections.
  4. You can also periodically check the connections of your node or wallet and create a list of trusted nodes that you will use at any time. This will avoid unpleasant surprises in case your node is connected to a malicious node that attacks you or any other network user.
  5. Update your wallets and nodes. Developers are aware of cyber threats, and are looking for ways to strengthen connection protocols. Updating in this regard can provide you with better protection.

With these simple recommendations, you can better protect yourself from such hacking tricks and thus take care of your money and privacy.

SPACEBOT

Author of the article

How to listing my coin/token to the SPACEBOT?

Application Form for Listing

Please Kindly Answer the Following Questions:

  1. 1. Coin Recommender
    1. 1.1 Anyone Introduces You to SPACEBOT?
    2. 1.2 Referral’s Name, Mailbox, Telegram Account
  2. 2. Introduction of the Project
    1. 2.1 Name of Project, supporting both Russian and English
    2. 2.2 Official Website
    3. 2.3 Documentation link (api for developers)
    4. 2.4 Symbol (url: coinmarketcap.com,coinpaprika.com etc.) ATTENTION: It’s a prerequisite! If information about your coin is not available on this resource, we can agreed and list it on coinmarketrate.com. Listing price from 10 ETH.
    5. 2.5 Offering Price (url: coinmarketcap.com,coinpaprika.com etc.)
    6. 2.6 Total Fundraising Amount (url: coinmarketcap.com,coinpaprika.com etc.)
    7. 2.7 Brief Introduction of your Project Covering its Positioning, Features , etc.
    8. 2.8 Expected Trading Pairs against BTC, USDT, ETH (url: coinmarketcap.com,coinpaprika.com etc.)
    9. 2.9 Anyone in Charge of the Project
    10. 2.10 Contact of Project Manager
    11. 2.11 Project promotion Channel like Website, Wechat Official Account, Twitter, etc.
    12. 2.12 Attachment of Source File of Token Logo
    13. 2.13 Is the Project Tokens Based on ERC20 (or other blockchain)?
    14. 2.14 Any Market Value Management?
  3. 3. Project Marketing ant Its Users Scale
    1. 3.1 Expected Listing Date
    2. 3.2 Users Community in Telegram, Twitter, Reddit, Slack, WeChat, QQ Group , etc. and Its Links and Scale
    3. 3.3 Media Reports and Links
    4. 3.4 Time and Place of Roadshow or Other Marketing Campaign?
    5. 3.5 Marketing Budget on SPACEBOT and Token price establishing margin
  4. 4. Qualifications
    1. 4.1 Basic Information of Team Members
    2. 4.2 Consultants or Public Figures
    3. 4.3 Early Investment
    4. 4.4 Whether Listed on Quote Platform,such as Feixiaohao ,CoinMarketCap, etc.
  5. 1. Notes for Listing
  6. 2. SPACEBOT the unique software, for co-production of cryptocerrency. SPACEBOT provides an opportunity to get a monthly increase in the productivity of the cryptovoltaic minting of PRIZM, BIP and other cryptocurrency due to the total increase of the balance in the network of blockages through the “Proof-of-Stake” system.
  7. 3. SPACEBOT is only responsible for verification of authenticity and legitimacy of projects. SPACEBOT will not evaluate the project, and not provide any moral and value endorsement. The digital assets team will take full responsibility for all illegal irregularities such as illegal fund-raising, pyramid selling, money laundering, gambling, drug abuse, fraud, being banker of the asset, etc.
  8. 4. The digital asset teams need to make preventive measure with SPACEBOT to keep away from crushing the market. Otherwise we will end the cooperation.
  9. 5. SPACEBOT will remove the project from the list if : The dissolution of team keeps our client away from mining, transferring, block inquiring, etc. No investors trade, hold, use this token; technical failure which affect mining, transferring, block inquiring, etc. The team has some illegal irregularities such as illegal fund-raising, pyramid selling, money laundering, gambling, drug abuse, fraud, being banker of the asset, etc.

How to register a new users on SPACEBOT?

Registration on SPACEBOT is available only via the referral link which you can get after bonding 100 coins to the pool.

In order to get the link through the Telegram bot:
1. Send 100 coins to the wallet given by the bot: Wallet – Deposit
2. Bond 100 coins to the pool: Wallet – Deposit for paramining
3. Skip to ‘Affiliate program’ section and copy your referral link
4. Now you can share your referral link and invite new users

In order to get the link through iOS/Android:
1. Send 100 coins to the wallet given by the App: Home screen – Refill
2. Bond 100 coins to the pool: Home scren – Bond
3. Skip to ‘Affiliate program’ section and copy your referral link
4. Now you can share your link and invite new users

How to install the iOS App?

To install the App

1. Follow the link:

https://apps.apple.com/ru/app/spacebot/id1498907599

2. Сlick ‘Install’ and follow the standard steps to install the App on your device

3. If you are a new user – press ‘Register’ (you need to indicate your inviter; find your inviter`s ID or get a referral link in the ‘How to register a new user’ section)

4. If you already have your SPACEBOT Telegram account you need to link it to email. You may find how to do it in ‘How to link email to your SPACEBOT account?’ section.

How to install Android App?

To install the App:
1. Follow the link:

https://play.google.com/store/apps/details?id=space.bot.mobile

2. Press ‘install’ and follow the standard steps to install the App on your device.

3. If you are a new user – press ‘register’ (you need to indicate your inviter; find your inviter`s ID or get a referral link in the ‘How to register a new user’ section)

4. If you already have your Telegram SPACEBOT account you need to link it to email. You may find how to do it in ‘How to link email to your SPACEBOT account?’

How to top up your balance?

Top up your balance with Telegram bot:
1. Go to ‘Wallet’ section
2. Press ‘Deposit’
3. Copy the wallets sent to you (be careful not to copy extra symbols)
4. Transfer coins to the copied wallet adress

Top up your balance with iOS/Android App:
1. Press ‘Top up’ on the mail screen
2. Copy the wallets sent to you (be careful not to copy extra symbols)
3. Transfer coins to the copied wallet adress

* Track transaction on the blockchain:
PRIZM – https://prizmexplorer.com
BIP/BTT – https://explorer.minter.network

**Please note that depositing of coins requires certain number of confirmations in the network and it takes time to process a transaction with our algorightm

***Also note that many exchanges and wallets services carry out transfers with delay (on some exchanges it can take up to 72 hours), and you shouldn`t worry since this is a stadard procedure.